redline | f62e04bed2383a126445fe9cfd4671a649cb162069b712da592a8cb300f7e0fe | Triage

Submit
Reports

Overview

overview

Static

static

Eulen.Menu...ry.rar

windows10-2004-x64

Sharing

General

Target

Eulen.Menu.by.1msorry.rar
Size

2.3MB
Sample

221216-kt4y4shc3v
MD5

0fb5fbf947ce20a5b1a78327d7b3533b
SHA1

2b988ef70d4b6c2b2c4b22600366d9ce1ce9565c
SHA256

f62e04bed2383a126445fe9cfd4671a649cb162069b712da592a8cb300f7e0fe
SHA512

30256b1aaf06f93bbc80b16559f1ee20c7f47dac0440a90bff8fd4e501366b5d8a712d74858fddb01ced5752ce7a1a285a6c41a7142da1f96412ce99c767f2fa
SSDEEP

49152:ahBpu25Y5Nt7n2nX99a7vUP3MwCc3G4VEfYmqY4pvPqCjtnUlHbDPVBp3fc:y8j57SN9aQBG2hY4p3T5WE

Score

10^/10

redline spoofer discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Eulen.Menu.by.1msorry.rar

Resource

win10v2004-20220901-en

redline spoofer discovery infostealer spyware stealer

windows10-2004-x64

18 signatures

600 seconds

Malware Config

Extracted

Family

redline

Botnet

SPOOFER

C2

20.197.226.40:32619

Targets

- Target
  
  Eulen.Menu.by.1msorry.rar
- Size
  
  2.3MB
- MD5
  
  0fb5fbf947ce20a5b1a78327d7b3533b
- SHA1
  
  2b988ef70d4b6c2b2c4b22600366d9ce1ce9565c
- SHA256
  
  f62e04bed2383a126445fe9cfd4671a649cb162069b712da592a8cb300f7e0fe
- SHA512
  
  30256b1aaf06f93bbc80b16559f1ee20c7f47dac0440a90bff8fd4e501366b5d8a712d74858fddb01ced5752ce7a1a285a6c41a7142da1f96412ce99c767f2fa
- SSDEEP
  
  49152:ahBpu25Y5Nt7n2nX99a7vUP3MwCc3G4VEfYmqY4pvPqCjtnUlHbDPVBp3fc:y8j57SN9aQBG2hY4p3T5WE
Score

10^/10

redline spoofer discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinespooferdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy